Wearable user device authentication system

ABSTRACT

Systems and methods for authenticating a user include a wearable user device receiving a first request to access a secure system. A plurality of authentication elements are then displayed on a display device to a user eye in a first authentication orientation about a perimeter of an authentication element input area. A user hand located opposite the display device from the user eye is then detected selecting a sequence of the plurality of authentication elements. For each selected authentication element in the sequence, the wearable user device moves the selected authentication element based on a detected movement of the user hand and records the selected authentication element as a portion of an authentication input in response to the user hand moving the selected authentication element to the authentication element input area. The user is authenticated for the secure system if the authentication input matches stored user authentication information.

CROSS-REFERENCE TO RELATED APPLICATIONS

This is a Continuation application to U.S. Utility application Ser. No. 14/014,048 filed Aug. 29, 2013, entitled “WEARABLE USER DEVICE AUTHENTICATION SYSTEM,” Attorney Docket No. 70481.1020, the disclosure of which is incorporated herein by reference in its entirety.

BACKGROUND

1. Field of the Invention

The present invention generally relates to wearable user devices and more particularly to an authentication system using a wearable user device.

2. Related Art

Wearable user devices such as, for example, Google Glass® available from Google, Inc. of Mountain View, Calif., may include wearable computing devices that feature a head-mounted display device that is included on a frame, similar to an eyeglass frame, that the user wears on their head such that the display is viewable in front of at least one eye of the user. Users of such wearable user devices typically interact with the wearable user device to provide instructions by speaking those instructions aloud, and the wearable user device then uses voice recognition techniques to interpret those instructions so that they may be executed by a wearable user device. Instructions may also be provided to the wearable user device through a touchpad located on the frame that allows the user to “swipe” through a timeline-like interface provided on the display device. However, these user interface systems for providing instructions to the wearable user device suffer from a number of deficiencies, particularly when it comes to security. For example, entering a password, passcode, or other authentication information using the wearable user device (e.g., to access functionality provided on the wearable user device) is subject to interception by a non-authorized user when spoken aloud, and is time-consuming and subject to error when entered through the touchpad.

Thus, there is a need for an improved authentication system using a wearable user device.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 is a flow chart illustrating an embodiment of a method for authenticating a user using a wearable user device;

FIG. 2a is a screen shot illustrating an embodiment of the display of an authentication screen on a wearable user device;

FIG. 2b is a screen shot/user field-of-vision illustrating an embodiment of a user providing authentication information using the authentication screen displayed on the wearable user device of FIG. 2a;

FIG. 2c is a screen shot/user field-of-vision illustrating an embodiment of a user providing authentication information using the authentication screen displayed on the wearable user device of FIG. 2a;

FIG. 2d is a screen shot illustrating an embodiment of the display of an authentication screen on a wearable user device that has been modified relative to the authentication screen displayed on the wearable user device of FIG. 2a;

FIG. 2e is a screen shot illustrating an alternative embodiment of the display of an authentication screen on a wearable user device;

FIG. 2f is a screen shot illustrating the alternative embodiment of the authentication screen displayed on the wearable user device of FIG. 2e with an authentication element selected and input;

FIG. 2g is a screen shot illustrating an alternative embodiment of the display of an authentication screen on a wearable user device;

FIG. 3a is a screen shot/user field-of-vision illustrating an embodiment of a secure device detection screen displayed on a wearable user device;

FIG. 3b is a screen shot/user field-of-vision illustrating an embodiment of an authentication screen displayed on the wearable user device of FIG. 3a;

FIG. 4 is a schematic view illustrating an embodiment of a networked system;

FIG. 5 is a perspective view illustrating an embodiment of a wearable user device;

FIG. 6 is a schematic view illustrating an embodiment of a computer system; and

FIG. 7 is a schematic view illustrating an embodiment of a wearable user device.

Embodiments of the present disclosure and their advantages are best understood by referring to the detailed description that follows. It should be appreciated that like reference numerals are used to identify like elements illustrated in one or more of the figures, wherein showings therein are for purposes of illustrating embodiments of the present disclosure and not for purposes of limiting the same.

DETAILED DESCRIPTION

The present disclosure describes systems and methods for authenticating a user using a wearable user device. The wearable user device may receive a first request from a user to access a secure system, which may be the wearable user device itself, an application provided on the wearable user device, an application function in an application provided on the wearable user device, a secure device that is in communication with the wearable user device, and/or a variety of other secure systems known in the art. In response to receiving the request to access the secure system, the wearable user device displays on its display device a plurality of authentication elements in a first authentication orientation about a perimeter of an authentication element input area. The wearable user device then detects a user hand (e.g., using a camera on the wearable user device), which is opposite the display device from the user's eye, selecting a sequence of the plurality of authentication elements in the first authentication orientation by moving their hand over each selected authentication element such that the two are associated by the wearable user device, and then moving those authentication elements into the authentication element input area. If the sequence of the plurality of authentication elements provides an authentication input that matches user authentication information, the wearable user device authenticates the user for the secure system.

The wearable user device may then receive a second request from a user to access the secure system and, in response, the wearable user device displays on its display device the plurality of authentication elements in a second authentication orientation about the perimeter of an authentication element input area, with the second authentication orientation being different from the first authentication orientation. Thus, when the user selects a sequence of the plurality of authentication elements in the second authentication orientation to provide the authentication input for authentication, the user hand movements will be different than those that were used to select the sequence of the plurality of authentication elements in the first authentication orientation. As such, someone viewing the user providing an authentication input using the wearable user device cannot simply remember or record the user hand movements to copy the authentication input, as those hand movements will change depending on the authentication orientation provided for the plurality of authentication elements (which may change each time the user authenticates for the secure system).

Referring now to FIGS. 1 and 2, an embodiment of a method 100 for authenticating a user using a wearable user device is illustrated. In the embodiments described below, a user wears a wearable user device that may enable authentication of the user in a wide variety of situations. In one embodiment, the wearable user device itself may require authentication of the user in order to access any functionality of that wearable user device. For example, the wearable user device may require authentication of the user to access an operating system on the wearable user device. In another embodiment, the wearable user device may require authentication of the user in order to access an application provided on that wearable user device. For example, the wearable user device may require authentication of the user to access a payment application, a financial tracking application, an age restricted application, and/or a variety of other applications provided on the wearable user device. In specific embodiments involving a payment application, a payment service provider such as, for example, PayPal, Inc. of San Jose, Calif. may provide a payment application that the user installs on their wearable user device, and after authentication of the user as described herein, the user may use the payment application to send instructions to the payment service provider to transfer funds from a user financial account (e.g., provided by the payment service provider, an account provider, etc.) to a merchant financial account (e.g., provided by the payment service provider, an account provider, etc.) to pay for products and/or services.

In another embodiment, the wearable user device may require authentication of the user in order to access functionality in an application provided on the wearable user device. For example, the wearable user device may require authentication of the user to charge a payment account through an application (e.g., to purchase a game on a game store application, to make a purchase on a website accessed through an Internet browser application, etc.) that is provided on the wearable user device. In another embodiment, the wearable user device may require authentication of the user in order to access a secure device that is in communication with the wearable user device. For example, the wearable user device may require authentication of the user in order to have the wearable user device provide an instruction to a secure device to unlock a lock, start-up a car, and/or provide a variety of other secure device authentication actions known in the art. However, while a number of different examples of user authentications are discussed herein, those examples are not meant to be limiting, and one of skill in the art in possession of the present disclosure will recognize that a wide variety of authentication scenarios known in the art will benefit from the teachings of the present disclosure.

Referring first to the embodiments illustrated in FIGS. 2a-c, the method 100 begins at block 102 where a first request to access a secure system is received. At block 102, the user is wearing the wearable user device and wishes to access the functionality of the wearable user device (e.g., the operating system), an application provided on the wearable user device (e.g., a payment application), and/or functionality of an application provided on the wearable user device (e.g., the ability to make a payment on a web page accessed through an Internet browser application). Thus, at block 102 the user provides a first request to access the secure system that is received by the wearable user device. As discussed in further detail below, the wearable user device may include, and/or be coupled to, a non-transitory memory that includes instructions that, when executed by one or more hardware processors in the wearable user device, cause the one or more hardware processors to provide an authentication engine that performs the functionality of the wearable user device discussed below.

In one example of block 102, the user may power on the wearable user device to provide the first request to access the functionality of the wearable user device through access to its operating system. Thus, in this example, the first request to access the secure system (e.g., the wearable user device itself) is sent automatically (e.g., without any further input from the user) in response to the powering-on of the wearable user device. In another example of block 102, the user may select an application icon provided by the operating system on the wearable user device to provide the first request to access the application provided on the wearable user device. Thus, in this example, the first request to access the secure system (e.g., the application on the wearable user device) is sent automatically (e.g., without any further input from the user) in response to the user sending instructions to start an application. In another example of block 102, the user may select a function in an application provided on the wearable user device to provide the first request to access the application functionality within the application provided on the wearable user device. Thus, in this example, the first request to access the secure system (e.g., the application functionality in the application on the wearable user device) is sent automatically (e.g., without any further input from the user) in response to instructions to access a function within an application.

The method 100 then proceeds to block 104 where a plurality of authentication elements is displayed in a first authentication orientation. In response to receiving the first request to access the secure system at block 102, the wearable user device may provide a plurality of authentication elements in a first authentication orientation for display on a display device on the wearable user device that is positioned adjacent at least one eye of the user. As is known in the art, wearable user devices may include a transparent display device (e.g., an Organic Light Emitting Device (OLED) display device) that is positioned adjacent a user eye and that allows for the display of information from the wearable user device over a field-of-vision of the user. As such, the plurality of authentication elements that are displayed in the first authentication orientation may be viewable by the user along with any objects located opposite the display device from the eye of the user.

Referring now to FIG. 2a, an embodiment of an authentication screen 200 that may be provided on a display device by the wearable user device at block 104 of the method 100 is illustrated. The authentication screen 200 includes an authentication element input area 202 as well as a perimeter 204 that, in the illustrated embodiment, is spaced apart from a selection portion 202 a of the authentication element input area 202. The authentication screen 200 may provide the perimeter 204 spaced apart from a selection portion 202 a of the authentication element input area, as illustrated, to help prevent unintended selection of authentication elements. For example, the area between the perimeter 204 and the selection portion 202 a of the authentication element input area 202 may allow the user to “drag” authentication elements towards the authentication element input area 202, discussed below, without selecting them as long as they are not dragged past the selection portion 202 a of the authentication element input area 202. However, in other embodiments, the perimeter 204 and the selection portion 202 a of the authentication element input area 202 may coincide such that the user dragging an authentication element across the perimeter 204 and into any portion of the authentication element input area 202 will result in a selection of that authentication element.

The authentication screen 200 includes a plurality of authentication elements 206 a, 206 b, 206 c, 206 d, 206 e, 206 f, 206 g, 206 h, 206 i, and 206 j provided in a first authentication orientation 208 about the perimeter 204. In the illustrated embodiment, the plurality of authentication elements 206 a-j are numerical passcode authentication elements that include the numbers 0 through 9, with each of those numbers provided as a separate authentication element. In the illustrated embodiment, the first authentication orientation 208 provides the numerical passcode authentication elements 206 a-j arranged adjacent the perimeter 204, opposite the perimeter 204 from the authentication element input area 202, and in numerical order starting with the “0” authentication element 206 a at the top of the perimeter 204 and about the perimeter in a clockwise direction (e.g., followed by the “1” authentication element 206 b, the “2” authentication element 206 c, and so on).

Referring briefly to FIG. 2e, an alternative embodiment of an authentication screen 210 that may be provided on a display device by the wearable user device at block 104 of the method 100 is illustrated. The authentication screen 210 includes an authentication element input area 212 that includes a perimeter 214. The authentication screen 210 also includes a plurality of authentication elements 216 a, 216 b, 216 c, 216 d, 216 e, 216 f, 216 g, 216 h, 216 i, and 216 j provided in a first authentication orientation 218 about the perimeter 214. In the illustrated embodiment, the plurality of authentication elements 216 a-j are numerical passcode authentication elements that include the numbers 0 through 9, with each of those numbers provided as a separate authentication element. In the illustrated embodiment, the first authentication orientation 218 provides the numerical passcode authentication elements 206 a-j arranged adjacent the perimeter 214, opposite the perimeter 214 from the authentication element input area 212, and in numerical order starting with the “0” authentication element 216 a at the top of the perimeter 214 and about the perimeter 214 in a clockwise direction (e.g., followed by the “1” authentication element 216 b, the “2” authentication element 216 c, and so on).

While a few examples of authentication screens, authentication elements, and authentication orientations have been provided above, a wide variety of modifications to those embodiments is envisioned as falling within the scope of the present disclosure. For example, rather than, or in addition to, the numerical passcode authentication elements illustrated above, other characters may be provided as authentication elements including letters of an alphabet, symbols, and/or other characters known in the art. For example, FIG. 2g illustrates an authentication screen 217 that is substantially similar to the authentication screen 200 discussed above but with the authentication elements 206 a-j provided as symbols. Furthermore, authentication elements may include images (e.g., digital photos selected from a digital photo album or provided by the user, images provided by a system provider, etc.), colors, and/or any other authentication element known in the art. While the examples of authentication orientations have been illustrated as circular about the perimeter of a circular authentication input area, square, triangular, random, and/or any other orientation of the authentication elements may provide the same benefits as the circular orientations illustrated herein, and thus are envisioned as falling within the scope of the present disclosure.

The method 100 then proceeds to block 106 where the selection of a sequence of authentication elements is detected and recorded. In an embodiment, after being presented the plurality of authentication elements 206 a-j on the display device of the wearable user device, the user may select any sequence of those authentication elements by moving their hand (or parts of their hand, discussed below) in their field of vision and opposite the display device from their eye to cause an authentication element to be selected, and then moving that selected authentication element (via movement of their hand) from its original position (e.g., as provided in FIG. 2a) to the authentication element input area 202 to cause that authentication element to be recorded as part of the sequence of authentication elements by the wearable user device.

Referring now to FIGS. 2b and 2c, an embodiment of the user selecting the authentication element 206 a from the authentication screen 200 as part of a sequence of the authentication elements 206 a-j selected to provide an authentication input is illustrated. As discussed above, the user may position their hand 220 opposite the display device on the wearable user device such that an authentication element is selected. As illustrated in FIG. 2b, the user is positioning a portion/index finger 220 a of their hand 220 adjacent the authentication element 206 a to select that authentication element 206 a.

In the illustrated embodiment, portions of the authentication screen 200 are displayed to the user on the display device such that they appear “behind” the user's hand 220, index finger 220 a, or arm 220 b, even though they are being displayed on the display device that is positioned between the eye of the user and the user's hand 220, index finger 220 a, and arm 220 b. For example, in FIG. 2b a portion of the authentication element 206 a is being displayed to appear behind the user's index finger 220 a, portions of the authentication elements 206 b, 206 c, and 206 d are being displayed to appear behind the user's hand 220 and arm 220 c, and a portion of the perimeter 204 is being displayed to appear behind the user's hand 220 and arm 220 c. Such display of the authentication screen 200 may be performed to provide the user with more natural and intuitive control in the selection of the authentication elements 206 a-j and their movement to the authentication element input area 202 (i.e., users may be more comfortable if the authentication screen 200 appears to be located “behind” their hand, rather than displayed over it, when selecting authentication elements 206 a-j as an authentication input).

In some embodiments, the display of portions of the authentication screen behind the user's hand 220, index finger 220 a, arm 220 b, and/or other authentication element selecting user features may be accomplished by capturing images or video (e.g., via a camera on the wearable user device) of the user's hand 220, index finger 220 a, and arm 220 b, recognizing the user's hand 220, index finger 220 a, and arm 220 b (e.g., using image recognition techniques known in the art), and using those recognized user features to modify the display of the authentication screen 200 such that the portions of the authentication screen 200 that would otherwise overlap the user's hand 220, index finger 220 a, and arm 220 b are not displayed and appear to be “covered” or otherwise “behind” the user's hand 220, index finger 220 a, and arm 220 b. However, in other embodiments, all of the authentication screen 200 may simply be displayed over the user's hand 220, index finger 220 a, and arm 220 b.

At block 106, the wearable user device may determine that the user has selected an authentication element by capturing images or video of the user's hand 220, recognizing the user's hand 220 selecting the authentication element, and associating the selected authentication element with the user hand 220. The recognition of the user's hand 220 selecting the authentication element may be based on, for example, the wearable user device determining (e.g., from the captured images or video) that the user's hand 220 has been positioned adjacent the user's view of that authentication element for a predetermined amount of time, the user's hand 220 performing a predetermined gesture adjacent that authentication element, and/or in response to a variety of other user selection actions known in the art. In the illustrated example, the user has extended the index finger 220 a on their hand 220 such that the index finger 220 a is positioned over the authentication element 206 a and, in response, the wearable user device has determined that the user is selecting the authentication element 206 a (e.g., based on the index finger 220 a being positioned adjacent the user's view of the authentication element 206 a for a predetermined time, based on the gesture of the user extending their index finger 220 a and that index finger being positioned adjacent the user's view of the authentication element 206 a, etc.). In response to detecting that selection, the wearable user device associates the authentication element 206 a with the user's hand 220 and/or index finger 220 a.

Referring now to FIG. 2c, the user may then move their hand 220 to cause the authentication element that they previously selected to be moved on the authentication screen 200 into the authentication element input area 202. In the illustrated embodiment, the user has moved their hand 220, and index finger 220 a along with it, such that the index finger 220 a is positioned adjacent the user's view of the authentication element input area 202. Following the association of the selected authentication element 206 a and the user index finger 220 a discussed above, when the user moves their hand 220 and index finger 220 a, the wearable user device detects that movement (e.g., via images or video captured by the camera on the wearable user device) and causes the display of the authentication element 206 a to move relative to the authentication screen 200 and the authentication element input area 202. Thus, the movement by the user of their hand 220 and index finger 220 a causes the display of the authentication element 206 a to be “dragged” from its original position (illustrated by the dashed line in FIG. 2c) along with the hand 220 and index finger 220 a of the user to the authentication element input area 202, as illustrated in FIG. 2c.

In response to the movement of the authentication element 206 a to the authentication element input area 202 (performed by the wearable user device in response to the movements of the user's hand 220 and index finger 220 a), the wearable user device records the authentication element 206 a as a portion of an authentication input provided by the user in selecting a sequence of the authentication elements 206 a-j. The recording of the authentication element based on it being in the authentication element input area 202 may occur in response to the user “holding” that authentication element in the authentication element input area 202 for a predetermined amount of time, based on a gesture of the hand 220 or index finger 220 a (e.g., making a fist or otherwise retracting the index finger 220 a), and/or in response to a variety of other user gestures. In an embodiment, the authentication elements selected by the user may be displayed in an authentication input box 222, as illustrated.

The user may then select further authentication elements in the sequence of authentication elements selected at block 106 in substantially the same manner as discussed above for the authentication element 206 a to provide different portions of an authentication input. For example, the user could follow the selection of the authentication element 206 a with a selection of the authentication element 206 h, followed by the selection of the authentication element 206 e, followed by the selection of the authentication element 206 a again, and followed by the selection of any of the authentication elements 206 a-j in any sequence to provide an authentication input for authenticating the user.

Referring back to FIGS. 2e and 2f, the detection and recording of the selection of the sequence of authentication elements at block 106 may be performed in substantially the same manner as described above using the alternative authentication screen 210 but with a few slight variations. Thus, the user may select the authentication element 216 c in substantially the same manner as described above for the authentication element 206 a on the authentication screen 200 (e.g., using their hand 220), and the wearable user device will associate that authentication element 216 c with the user hand 220. The user may then move their hand 220 across their view of the perimeter 214 and into their view of the authentication element input area 212 such that the wearable user device causes the authentication element 216 c to move accordingly and then record the authentication element 216 c as a portion of the authentication input. Similarly as discussed above for the authentication screen 200, the selection of any of the authentication elements 216 a-j in any sequence on the authentication screen 210 may be performed to provide the authentication input for authenticating the user.
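The dwell-to-select, drag, and hold-to-record behavior of block 106 can be sketched as a small state machine. This is an added example, not code from the disclosure: the radii, the dwell and hold times, the `(t, x, y)` fingertip-sample format, and the names `record_input` and `constructed_drag` are all assumptions, and only the "predetermined amount of time" variants of selection and recording are modeled.

```python
import math

ELEMENTS = "0123456789"      # elements 206 a-j in the order of FIG. 2a
ELEMENT_RADIUS = 120.0       # elements sit just outside perimeter 204 (assumed units)
PERIMETER_RADIUS = 100.0     # perimeter 204 (assumed)
SELECTION_RADIUS = 60.0      # selection portion 202 a, spaced inside 204 (assumed)
PICK_RADIUS = 15.0           # fingertip must be this close to an element (assumed)
DWELL = 0.5                  # seconds over an element to select it (assumed)
HOLD = 0.5                   # seconds inside the selection portion to record (assumed)


def slot_position(slot):
    """Centre of perimeter slot `slot`; slot 0 is at the top, going clockwise."""
    angle = math.radians(90 - 36 * slot)
    return (ELEMENT_RADIUS * math.cos(angle), ELEMENT_RADIUS * math.sin(angle))


def record_input(track, layout, selection_radius=SELECTION_RADIUS):
    """Replay fingertip samples (t, x, y) and return the recorded input.

    `layout[slot]` is the element shown in that slot. An element is selected
    after the fingertip dwells on it, then follows the fingertip, and is
    recorded only once it has been held inside `selection_radius`.
    """
    recorded = []
    held = None        # element currently associated with the hand
    candidate = None   # element the fingertip is hovering over
    since = None       # start time of the current hover or hold
    for t, x, y in track:
        if held is None:
            over = next((e for s, e in enumerate(layout)
                         if math.dist((x, y), slot_position(s)) <= PICK_RADIUS),
                        None)
            if over != candidate:
                candidate, since = over, t
            if candidate is not None and t - since >= DWELL:
                held, candidate, since = candidate, None, None
        else:
            if math.hypot(x, y) > selection_radius:
                since = None                 # in the gap: dragged, not recorded
            elif since is None:
                since = t                    # just entered the selection portion
            elif t - since >= HOLD:
                recorded.append(held)        # held long enough: record it
                held, since = None, None
    return "".join(recorded)


def constructed_drag(slot, stop_radius, t0=0.0, step=0.1):
    """Constructed sample track: hover over `slot`, drag radially inward to
    `stop_radius`, then hold there."""
    ex, ey = slot_position(slot)
    radii = [ELEMENT_RADIUS] * 7                              # hover for 0.6 s
    radii += [ELEMENT_RADIUS - 10 * k for k in range(1, 12)
              if ELEMENT_RADIUS - 10 * k > stop_radius]       # drag inward
    radii += [stop_radius] * 7                                # hold for 0.6 s
    return [(t0 + i * step, ex * r / ELEMENT_RADIUS, ey * r / ELEMENT_RADIUS)
            for i, r in enumerate(radii)]


if __name__ == "__main__":
    layout = list(ELEMENTS)
    print(repr(record_input(constructed_drag(0, 30), layout)))   # reaches 202 a
    print(repr(record_input(constructed_drag(0, 80), layout)))   # stops in the gap
    # Embodiment where perimeter 204 and selection portion 202 a coincide:
    print(repr(record_input(constructed_drag(0, 80), layout, PERIMETER_RADIUS)))
```

A drag that stops between the perimeter and the selection portion records nothing in the spaced-apart embodiment, while the same drag records the element when the two coincide.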

The method 100 then proceeds to block 108 where the authentication input provided at block 106 is determined to match user authentication information and, in response, the user is authenticated. In an embodiment, the wearable user device includes a non-transitory memory that may include a database or other logical storage structure that includes user authentication information for authenticating a user. For example, the wearable user device may store user authentication information for authenticating a user to use the wearable user device (e.g., to access an operating system of the user device), for authenticating a user to use an application on the wearable user device, for authenticating a user to use functionality in an application on the wearable user device, for authenticating a user to access a secure device that is in communication with the wearable user device, etc. In another embodiment, the wearable user device is coupled through a network (e.g., the Internet) to a non-transitory memory that may include a database or other logical storage structure that includes user authentication information for authenticating a user. For example, the wearable user device may access user authentication information over the network for authenticating a user to use the wearable user device (e.g., to access an operating system of the user device), for authenticating a user to use an application on the wearable user device, for authenticating a user to use functionality in an application on the wearable user device, for authenticating a user to access a secure device that is in communication with the wearable user device, etc. Thus, at block 108, the wearable user device retrieves the user authentication information associated with the secure system for which the user is requesting access, and compares that user authentication information to the authentication input recorded at block 106. If the authentication input does not match the user authentication information, the user is denied access to the secure system. However, if the authentication input matches the user authentication information, the user is authenticated for the secure system. Thus, following block 108, the user may begin using the wearable user device, an application on the wearable user device, an application function in the application on the wearable user device, a secure device in communication with the wearable user device (discussed in further detail below), etc.

The method 100 may then proceed to optional block 110 where another request is received to access the secure system. Following being authenticated and granted access to the secure system in block 108, the user may need to re-authenticate with that secure system. For example, the authentication of the user provided by block 108 may expire due to a number of reasons such as, for example, the ending of an authentication time period, following a user logging off of the secure system, following user inactivity on the secure system, and/or in response to a variety of other authentication-expiration situations known in the art. In response, at block 110, the user may provide, and the wearable user device may receive, a second request to access the secure system. The second request to access the secure system may be provided by the user and received by the wearable user device in the same manner as discussed in detail above for the first request at block 102.

The method 100 may then proceed to optional block 112 where the plurality of authentication elements is provided in an authentication orientation that is different from the first authentication orientation. Referring now to FIG. 2d, and with reference to FIG. 2a, following the second request to access the secure system at block 110, the wearable user device provides the authentication screen 200 with the authentication element input area 202, the perimeter 204, and the same authentication elements 206 a-j. However, the authentication elements 206 a-j are provided in a second authentication orientation 224 that is different than the first authentication orientation 208 illustrated in FIGS. 2a-c. As can be seen by a comparison of the first authentication orientation 208 and the second authentication orientation 224, each of the authentication elements 206 a-j has been moved to a different position about the perimeter 204 of the authentication element input area 202. In an embodiment, the wearable user device may include a plurality of different authentication screens including the different authentication orientations of the authentication elements, may have the ability to randomize the positions of the authentication elements on an authentication screen, and/or may use a variety of other techniques for providing the different authentication orientations. With reference to the authentication screens 210 and 217 illustrated in FIGS. 2e and 2g, the authentication elements (e.g., authentication elements 216 a-j in FIG. 2e) may be provided in an authentication orientation that differs from the first authentication orientation (e.g., the authentication orientation 218 in FIG. 2e) in the same manner as discussed above.

The method 100 may then proceed back to block 106 where the selection of a sequence of authentication elements is detected and recorded. The detection and recording of the selection of the sequence of authentication elements displayed in the second authentication orientation is performed substantially as described above for the detection and recording of the selection of the sequence of authentication elements displayed in the first authentication orientation, but with the provision that, due to the difference in the positions of the authentication elements in the second authentication orientation relative to the first authentication orientation, the movements of the user's hand 220 will differ even though the user is selecting the same sequence of authentication elements to provide the same authentication input. Thus, someone viewing the user providing the authentication input will be unable to falsely identify themselves as the user by copying or mimicking those user hand movements because they cannot know the orientation of the authentication elements that are being displayed to the user (i.e., because the display device on the wearable user device is only visible to the user) and because the authentication elements are unlikely to be displayed in that orientation again (i.e., due to the changing of the authentication orientation between secure system access requests).

The method 100 may then proceed back to block 108 where the wearable user device determines that the authentication input (provided using the display of the authentication elements in the second authentication orientation) matches user authentication information and authenticates the user. The method 100 may then repeat block 110, then block 112, then back to block 106, and then to block 108, as many times as the user needs to authenticate with the secure system. As such, the wearable user device may receive a third request to access the secure system and provide the authentication elements in a third authentication orientation that is different from both the first authentication orientation and the second authentication orientation, and so on. Because the wearable user device operates to change the authentication orientation of the authentication elements (e.g., every authentication orientation may be different up to the statistical limits based on the number of authentication elements used, each authentication orientation may be random, a set of authentication orientations may be cycled, etc.) across user authentications, any attempt to copy the user movements made to authenticate will not result in a false authentication, as a given set of user movements will not result in authentication for subsequent authentication orientations of the authentication elements.
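The loop through blocks 110, 112, 106 and 108 can be modelled in a few lines. The following Python sketch is an added illustration, not code from the disclosure: the ten digit elements, the slot-index model of a hand gesture, the function names, and the salted PBKDF2 storage of the user authentication information are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for the ten authentication elements 206 a-j.
ELEMENTS = list("0123456789")
# OS-backed CSPRNG: an orientation must not be predictable to an onlooker.
_rng = secrets.SystemRandom()


def new_orientation(previous=None):
    """Return a layout where index = perimeter slot and value = element.

    If a previous layout is given, resample until every element sits in a
    different slot, mirroring the move from orientation 208 to 224.
    """
    while True:
        layout = ELEMENTS[:]
        _rng.shuffle(layout)
        if previous is None or all(a != b for a, b in zip(layout, previous)):
            return layout


def gestures_for(secret, layout):
    """Perimeter slots the hand drags from, in order.

    This is the only thing a bystander watching the hand can learn.
    """
    return [layout.index(element) for element in secret]


def record_input(gestures, layout):
    """Block 106: record the element found in each dragged slot."""
    return "".join(layout[slot] for slot in gestures)


def enroll(secret, iterations=100_000):
    """Store a salted digest instead of the sequence (assumed storage form)."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def authenticate(gestures, layout, record):
    """Block 108: compare the recorded input with the stored information."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        record_input(gestures, layout).encode(),
        record["salt"],
        record["iterations"],
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["digest"])


def demo(secret="4071"):
    """Run two access requests and one replay of the observed gestures."""
    record = enroll(secret)

    first = new_orientation()                     # block 104
    observed = gestures_for(secret, first)        # seen by a bystander
    ok_first = authenticate(observed, first, record)

    second = new_orientation(previous=first)      # block 112
    replay_ok = authenticate(observed, second, record)   # copied movements
    fresh = gestures_for(secret, second)          # what the user now does
    ok_second = authenticate(fresh, second, record)

    return ok_first, replay_ok, ok_second, observed, fresh


if __name__ == "__main__":
    ok_first, replay_ok, ok_second, observed, fresh = demo()
    print("first request accepted: ", ok_first)
    print("replayed gestures accepted:", replay_ok)
    print("second request accepted:", ok_second)
    print("gestures, first vs second:", observed, fresh)
```

Because every element changes slot between the two layouts, the replayed gestures select a different element at every step. A layout drawn independently at random would give weaker assurance, since some elements could keep their slots.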

Referring now to FIGS. 3a and 3b, a specific embodiment of the wearable user device authentication system is illustrated that provides an example of how the wearable user device discussed above may be used to authenticate the user for secure devices that are in communication with the wearable user device. As discussed in further detail below, the wearable user device may include a wireless communications system that provides the wearable user device the ability to wirelessly communicate with secure systems. For example, the wearable user device may include a Bluetooth wireless controller that is configured to perform Bluetooth wireless communications, a Near Field Communication (NFC) wireless controller that is configured to perform NFC communications, a Wifi wireless controller that is configured to perform Wifi wireless communications, a cellular wireless controller that is configured to perform cellular wireless communications, and/or a variety of other wireless controllers for performing wireless communications known in the art.

FIG. 3a illustrates a secure system 300 that, in the illustrated embodiment, includes a car with a secure device 302 that includes a door lock. In an embodiment, the secure system 300/car and/or the secure device 302/door lock are configured to wirelessly communicate with the wearable user device (e.g., using a wireless controller similar to those discussed above as being included in the wearable user device), and a user of the wearable user device and the secure system 300/car may configure both to communicate to authenticate the user for the secure system 300/car using the wearable user device. For example, the user may program the wearable user device with authentication information for the secure system 300/car.

FIG. 3a illustrates a user's field-of-view upon approaching the secure system 300/car and following an initial communication between the wearable user device and the secure system 300/car. For example, in response to the user bringing the wearable user device within a wireless communication range of the secure system 300/car, the wearable user device and the secure system 300/car may begin communicating using wireless communication techniques known in the art (e.g., via Bluetooth communication, NFC communication, Wifi communications, cellular communications, etc.). The initial communications between the wearable user device and the secure system 300/car may include each identifying itself and confirming the identity of the other. For example, the wearable user device may receive an identification from the secure system 300/car and then use that identification to determine whether the secure system 300/car is associated with user authentication information in a database, discussed above. In another example, the wearable user device may receive information that may be used to determine where in the user's field of view the secure device 302/door lock is located, and/or a variety of other information about the secure system 300/car and/or secure device 302/lock.

In response to the secure system 300/car being associated with user authentication information in a database, the wearable user device may display a secure device detection screen 304 on its display device. In the embodiment illustrated in FIG. 3a, the secure device detection screen 304 is displayed such that the secure system 300/car that is in the user's field of view and opposite the display device from the user's eye is visible through the secure device detection screen 304. An indication window 306 is provided on the secure device detection screen 304 that indicates the secure device 302/door lock (e.g., the location of the secure device 302 in the user's field of view), and a user prompt 308 is provided to indicate to the user that they may access the secure system 300/car through the secure device 302/door lock by authenticating using the wearable user device. For example, the user may be able to speak the word “unlock” in order to provide the request to access the secure system 300/car (discussed above with reference to blocks 102 and 110 of the method 100).

Referring now to FIG. 3b, in response to receiving the request to access the secure system 300/car, the wearable user device may provide an authentication screen 310, which is substantially similar to the authentication screen 200, discussed above with reference to FIGS. 2a-2c, and the user may interact with the authentication screen 310 substantially as described above with reference to the method 100 in order to provide an authentication input for authentication by the wearable user device. In response to authenticating the user as described above with reference to block 108 of the method 100, the wearable user device may wirelessly communicate an instruction to the secure system 300/car to provide access to the user. For example, in the illustrated embodiment, the instruction to the secure system 300/car to provide access to the user may include an instruction to unlock the secure device 302/door lock such that the user may access the secure system 300/car. As discussed above, subsequent attempts to access the secure system 300 will result in the orientation of the authentication elements on the authentication screen 310 being changed such that user hand movements and gestures to provide an authentication input are different and cannot be copied by another who has viewed them to falsely authenticate with and use the secure system 300/car.

While the use of the wearable user device to authenticate a user and unlock a car door has been illustrated and described, a wide variety of secure systems and secure devices in wireless communication with the wearable user device will benefit from the authentication system described herein. For example, with reference to the secure system 300/car of FIGS. 3a and 3b, user authentication may provide for unlocking of the trunk of the car, starting the ignition of the car, and/or providing a variety of other car actions known in the art. In such an example, indication windows and user prompts may be provided that are similar to the indication window 306 and user prompt 308 of FIG. 3a to indicate secure devices that the user may authenticate for (e.g., an indication window indicating the trunk may be unlocked along with a user prompt to “unlock trunk”, an indication window indicating the ignition may be started along with a user prompt to “start ignition”, etc.). In another example, the secure system may be a home and the secure devices may be one or more doors in the home, a safe in the home, and/or a variety of other home secure devices known in the art. In another example, the secure system may be a computer and the secure device may be any components connected to that computer. Thus, one of skill in the art in possession of the present disclosure will recognize that a wide variety of secure systems and secure devices known in the art may have a user authenticated for them using the systems and methods discussed herein.

Thus, systems and methods for authenticating a user using a wearable user device have been described that allow a user to provide an authentication input using hand movements and gestures that manipulate authentication elements displayed on a display device that is only visible to the user. On subsequent authentications, the authentication orientation of the authentication elements is changed so that when the user provides the same authentication input, different hand movements and gestures will be used. As such, the hand gestures and movements are not subject to copying to provide a false authentication by anyone that has viewed them or recorded them, as the hand gestures and movements needed for authentication will differ based on the differing authentication orientations provided for the authentication elements.

Referring now to FIG. 4, an embodiment of a network-based system 400 for implementing one or more processes described herein is illustrated. As shown, network-based system 400 may comprise or implement a plurality of servers and/or software components that operate to perform various methodologies in accordance with the described embodiments. Exemplary servers may include, for example, stand-alone and enterprise-class servers operating a server OS such as a MICROSOFT® OS, a UNIX® OS, a LINUX® OS, or other suitable server-based OS. It can be appreciated that the servers illustrated in FIG. 4 may be deployed in other ways and that the operations performed and/or the services provided by such servers may be combined or separated for a given implementation and may be performed by a greater number or fewer number of servers. One or more servers may be operated and/or maintained by the same or different entities.

The embodiment of the networked system 400 illustrated in FIG. 4 includes a user device 402, a merchant device 404, a payment service provider device 406, a plurality of account provider devices 408, and a plurality of secure devices 409 in communication over a network 410. Any of the user devices 402 may be the wearable user devices, discussed above. The merchant device 404 may be the merchant devices discussed above and may be operated by the merchants discussed above. The payment service provider device 406 may be the payment service provider devices discussed above and may be operated by a payment service provider such as, for example, PayPal Inc. of San Jose, Calif. The account provider devices 408 may be the account provider devices discussed above and may be operated by the account providers discussed above such as, for example, credit card account providers, bank account providers, savings account providers, and a variety of other account providers known in the art. The secure devices 409 may be secure systems and/or devices, discussed above.

The user device 402, merchant device 404, payment service provider device 406, plurality of account provider devices 408, and plurality of secure devices 409 may each include one or more processors, memories, and other appropriate components for executing instructions such as program code and/or data stored on one or more computer readable mediums to implement the various applications, data, and steps described herein. For example, such instructions may be stored in one or more computer readable mediums such as memories or data storage devices internal and/or external to various components of the system 400, and/or accessible over the network 410.

The network 410 may be implemented as a single network or a combination of multiple networks. For example, in various embodiments, the network 410 may include the Internet and/or one or more intranets, landline networks, wireless networks, and/or other appropriate types of networks.

The user device 402 may be implemented using any appropriate combination of hardware and/or software configured for wired and/or wireless communication over network 410. For example, in one embodiment, the user device 402 may be implemented as a personal computer of a user in communication with the Internet.

The user device 402 may include one or more browser applications which may be used, for example, to provide a convenient interface to permit the payer to browse information available over the network 410. For example, in one embodiment, the browser application may be implemented as a web browser configured to view information available over the Internet.

The user device 402 may also include one or more toolbar applications which may be used, for example, to provide user-side processing for performing desired tasks in response to operations selected by the user. In one embodiment, the toolbar application may display a user interface in connection with the browser application.

The user device 402 may further include other applications as may be desired in particular embodiments to provide desired features to the user device 402. In particular, the other applications may include a payment application for payments assisted by a payment service provider through the payment service provider device 406. The other applications may also include security applications for implementing user-side security features, programmatic user applications for interfacing with appropriate application programming interfaces (APIs) over the network 410, or other types of applications. Email and/or text applications may also be included, which allow the user to send and receive emails and/or text messages through the network 410. The user device 402 includes one or more user and/or device identifiers which may be implemented, for example, as operating system registry entries, cookies associated with the browser application, identifiers associated with hardware of the user device 402, or other appropriate identifiers, such as a phone number. In one embodiment, the user identifier may be used by the payment service provider device 406 and/or account provider device 408 to associate the user with a particular account as further described herein.

The merchant device 404 may be maintained, for example, by a conventional or on-line merchant, conventional or digital goods seller, individual seller, and/or application developer offering various products and/or services in exchange for payment to be received conventionally or over the network 410. In this regard, the merchant device 404 may include a database identifying available products and/or services (e.g., collectively referred to as items) which may be made available for viewing and purchase by the user.

The merchant device 404 also includes a checkout application which may be configured to facilitate the purchase by the payer of items. The checkout application may be configured to accept payment information from the user through the user device 402, the account provider through the account provider device 408, and/or from the payment service provider through the payment service provider device 406 over the network 410.

Referring now to FIG. 5, an embodiment of a wearable user device 500 is illustrated. The wearable user device 500 may be the wearable user devices, discussed above. The wearable user device 500 includes a frame 502 having a computing chassis 504 that extends from the frame 502, a display device 506 that extends from the computing chassis 504, a microphone 508 located on the computing chassis 504, and a camera located on the computing chassis 504. One of skill in the art will recognize that the wearable user device 500 is a mobile wearable user device such as, for example, Google Glass® available from Google Inc. of Mountain View, Calif. that may provide a user with the functionality discussed above with reference to the method 100. However, a variety of other mobile wearable user devices may be used in the method 100 without departing from the scope of the present disclosure.

Referring now to FIG. 6, an embodiment of a computer system 600 suitable for implementing, for example, user devices 402 or 500, merchant device 404, payment service provider device 406, plurality of account provider devices 408, and/or plurality of secure devices 409, is illustrated. It should be appreciated that other devices utilized by users, merchants, payment service providers, and account providers in the system discussed above may be implemented as the computer system 600 in a manner as follows.

In accordance with various embodiments of the present disclosure, computer system 600, such as a computer and/or a network server, includes a bus 602 or other communication mechanism for communicating information, which interconnects subsystems and components, such as a processing component 604 (e.g., processor, micro-controller, digital signal processor (DSP), etc.), a system memory component 606 (e.g., RAM), a static storage component 608 (e.g., ROM), a disk drive component 610 (e.g., magnetic or optical), a network interface component 612 (e.g., modem or Ethernet card), a display component 614 (e.g., CRT or LCD), an input component 618 (e.g., keyboard, keypad, or virtual keyboard), a cursor control component 620 (e.g., mouse, pointer, or trackball), and/or a location determination component 622 (e.g., a Global Positioning System (GPS) device as illustrated, a cell tower triangulation device, and/or a variety of other location determination devices known in the art). In one implementation, the disk drive component 610 may comprise a database having one or more disk drive components.

In accordance with embodiments of the present disclosure, the computer system 600 performs specific operations by the processor 604 executing one or more sequences of instructions contained in the memory component 606, such as described herein with respect to the user device 402 or 500, merchant device 404, payment service provider device 406, plurality of account provider devices 408, and/or plurality of secure devices 409. Such instructions may be read into the system memory component 606 from another computer readable medium, such as the static storage component 608 or the disk drive component 610. In other embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the present disclosure.

Logic may be encoded in a computer readable medium, which may refer to any medium that participates in providing instructions to the processor 604 for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. In one embodiment, the computer readable medium is non-transitory. In various implementations, non-volatile media includes optical or magnetic disks, such as the disk drive component 610, volatile media includes dynamic memory, such as the system memory component 606, and transmission media includes coaxial cables, copper wire, and fiber optics, including wires that comprise the bus 602. In one example, transmission media may take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications.

Some common forms of computer readable media include, for example, floppy disk, flexible disk, hard disk, magnetic tape, any other magnetic medium, CD-ROM, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, RAM, PROM, EPROM, FLASH-EPROM, any other memory chip or cartridge, carrier wave, or any other medium from which a computer is adapted to read. In one embodiment, the computer readable media is non-transitory.

In various embodiments of the present disclosure, execution of instruction sequences to practice the present disclosure may be performed by the computer system 600. In various other embodiments of the present disclosure, a plurality of the computer systems 600 coupled by a communication link 624 to the network 410 (e.g., such as a LAN, WLAN, PTSN, and/or various other wired or wireless networks, including telecommunications, mobile, and cellular phone networks) may perform instruction sequences to practice the present disclosure in coordination with one another.

The computer system 600 may transmit and receive messages, data, information and instructions, including one or more programs (i.e., application code) through the communication link 624 and the network interface component 612. The network interface component 612 may include an antenna, either separate or integrated, to enable transmission and reception via the communication link 624. Received program code may be executed by processor 604 as received and/or stored in disk drive component 610 or some other non-volatile storage component for execution.

Referring now to FIG. 7, an embodiment of a wearable user device 700 is illustrated. In an embodiment, the device 700 may be the wearable user devices 402 or 500. The device 700 includes a communication engine 702 that is coupled to the network 410 and to an authentication engine 704 that is coupled to an authentication database 706. The communication engine 702 may be software or instructions stored on a computer-readable medium that allows the device 700 to send and receive information over the network 410. The authentication engine 704 may be software or instructions stored on a computer-readable medium that is operable to receive requests to access a secure system, display authentication elements in any number of orientations, change authentication orientations (e.g., based on instructions in the authentication database 706), detect selection of authentication elements, associate selected authentication elements with a user's hand, move selected authentication elements in response to detected user hand movements, record selected authentication elements, determine that authentication inputs match user authentication information in the authentication database 702, communicate with secure systems and devices, and provide any of the other functionality that is discussed above. While the database 706 has been illustrated as located in the wearable user device 700, one of skill in the art will recognize that it may be connected to the authentication engine 704 through the network 410 without departing from the scope of the present disclosure.

Where applicable, various embodiments provided by the present disclosure may be implemented using hardware, software, or combinations of hardware and software. Also, where applicable, the various hardware components and/or software components set forth herein may be combined into composite components comprising software, hardware, and/or both without departing from the scope of the present disclosure. Where applicable, the various hardware components and/or software components set forth herein may be separated into sub-components comprising software, hardware, or both without departing from the scope of the present disclosure. In addition, where applicable, it is contemplated that software components may be implemented as hardware components and vice-versa.

Software, in accordance with the present disclosure, such as program code and/or data, may be stored on one or more computer readable mediums. It is also contemplated that software identified herein may be implemented using one or more general purpose or specific purpose computers and/or computer systems, networked and/or otherwise. Where applicable, the ordering of various steps described herein may be changed, combined into composite steps, and/or separated into sub-steps to provide features described herein.

The foregoing disclosure is not intended to limit the present disclosure to the precise forms or particular fields of use disclosed. As such, it is contemplated that various alternate embodiments and/or modifications to the present disclosure, whether explicitly described or implied herein, are possible in light of the disclosure. For example, the above embodiments have focused on merchants and users; however, a user or consumer can pay, or otherwise interact with any type of recipient, including charities and individuals. The payment does not have to involve a purchase, but may be a loan, a charitable contribution, a gift, etc. Thus, merchant as used herein can also include charities, individuals, and any other entity or person receiving a payment from a payer. Having thus described embodiments of the present disclosure, persons of ordinary skill in the art will recognize that changes may be made in form and detail without departing from the scope of the present disclosure. Thus, the present disclosure is limited only by the claims.

What is claimed is:
 1. An authentication system, comprising: a non-transitory memory storing user authentication information; and one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising: receiving, by a wearable user device, a first request from a user to access a secure system; displaying, to a user eye of the user on a display device of the wearable user device, a plurality of authentication elements in a first authentication orientation about a perimeter of an authentication element input area; detecting, by a camera on the wearable user device, a user hand of the user that is located opposite the display device from the user eye of the user selecting a sequence of the plurality of authentication elements and, for each selected authentication element in the sequence: associating the selected authentication element with the user hand; moving the selected authentication element on the display device of the wearable user device based on a detected movement of the user hand; and recording the selected authentication element as a portion of an authentication input in response to moving the selected authentication element to the authentication element input area; and determining that an authentication input, which includes each portion of the authentication input that was recorded, matches the user authentication information in the non-transitory memory and, in response, authenticating the user for the secure system.
 2. The authentication system of claim 1, wherein the wearable user device includes a head mounted display.
 3. The authentication system of claim 1, wherein the secure system includes an operating system of the wearable user device.
 4. The authentication system of claim 1, wherein the secure system includes an application provided by an operating system on the wearable user device.
 5. The authentication system of claim 1, wherein the secure system includes a secure device that is in wireless communication with the wearable user device and that is located opposite the display device from the user eye of the user.
 6. The authentication system of claim 5, wherein the one or more hardware processors are configured to read instructions from the non-transitory memory to cause the system to perform operations comprising: communicating wirelessly with the secure device and, in response, recognizing that the secure device is associated with the user in the non-transitory memory; displaying, to the user eye of the user on the display device of the wearable user device, a secure device detection screen that indicates the secure device; and in response to receiving a secure device authentication command, displaying the plurality of authentication elements.
 7. A method for authenticating a user comprising: receiving, by a wearable user device, a first request from a user to access a secure system; displaying, to a user eye of the user on a display device of the wearable user device, a plurality of authentication elements in a first authentication orientation about a perimeter of an authentication element input area; detecting, by a camera on the wearable user device, a user hand of the user that is located opposite the display device from the user eye of the user selecting a sequence of the plurality of authentication elements and, for each selected authentication element in the sequence: associating the selected authentication element with the user hand; moving the selected authentication element on the display device of the wearable user device based on a detected movement of the user hand; and recording the selected authentication element as a portion of an authentication input in response to moving the selected authentication element to the authentication element input area; determining that an authentication input, which includes each portion of the authentication input that was recorded, matches a user authentication information in a database and, in response, authenticating the user for the secure system.
 8. The method of claim 7, wherein the wearable user device includes a head mounted display.
 9. The method of claim 7, wherein the secure system includes an operating system of the wearable user device.
 10. The method of claim 7, wherein the secure system includes an application provided by an operating system on the wearable user device.
 11. The method of claim 7, wherein the secure system includes a secure device that is in wireless communication with the wearable user device and that is located opposite the display device from the user eye of the user.
 12. The method of claim 11, further comprising: communicating wirelessly with the secure device and, in response, recognizing that the secure device is associated with the user in the database; displaying, to the user eye of the user on the display device of the wearable user device, a secure device detection screen that indicates the secure device; and in response to receiving a secure device authentication command, displaying the plurality of authentication elements.
 13. The method of claim 12, wherein the authenticating the user for the secure system that includes the secure device includes sending an instruction wirelessly to the secure device to unlock a lock.
 14. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising: receiving, by a wearable user device, a first request from a user to access a secure system; displaying, to a user eye of the user on a display device of the wearable user device, a plurality of authentication elements in a first authentication orientation about a perimeter of an authentication element input area; detecting, by a camera on the wearable user device, a user hand of the user that is located opposite the display device from the user eye of the user selecting a sequence of the plurality of authentication elements and, for each selected authentication element in the sequence: associating the selected authentication element with the user hand; moving the selected authentication element on the display device of the wearable user device based on a detected movement of the user hand; and recording the selected authentication element as a portion of an authentication input in response to moving the selected authentication element to the authentication element input area; determining that an authentication input, which includes each portion of the authentication input that was recorded, matches a user authentication information in a database and, in response, authenticating the user for the secure system.
 15. The non-transitory machine-readable medium of claim 14, wherein the wearable user device includes a head mounted display.
 16. The non-transitory machine-readable medium of claim 14, wherein the secure system includes an operating system of the wearable user device.
 17. The non-transitory machine-readable medium of claim 14, wherein the secure system includes an application provided by an operating system on the wearable user device.
 18. The non-transitory machine-readable medium of claim 14, wherein the secure system includes a secure device that is in wireless communication with the wearable user device and that is located opposite the display device from the user eye of the user.
 19. The non-transitory machine-readable medium of claim 18, wherein the operations further comprise: communicating wirelessly with the secure device and, in response, recognizing that the secure device is associated with the user in the database; displaying, to the user eye of the user on the display device of the wearable user device, a secure device detection screen that indicates the secure device; and in response to receiving a secure device authentication command, displaying the plurality of authentication elements.
 20. The non-transitory machine-readable medium of claim 14, wherein the authenticating the user for the secure system that includes the secure device includes sending an instruction wirelessly to the secure device to unlock a lock.